USCIB Letter to European Commissioners and Parlimentarians
on the Electronic Communications Privacy Directive
October 9, 2001
Mr. Marco Cappato
Member of the European Parliament
Dear Mr. Cappato,
Following the European Parliament’s decision to return the Draft Directive on processing personal data and the protection of privacy in the electronic communications sector (500PC0385) to committee for further work, we are writing to express our general views as you move forward. We recognize that some of our concerns have been addressed in adopted amendments, and urge you to ensure that these amendments are incorporated into the final Directive. This instrument would replace the current Directive 97/66/EC and extends the scope of this Directive to other forms of electronic communications. The protection of personal privacy is an important issue for industry, consumers, and governments, but we do not support the approach reflected in the Commission’s proposal.
· The proposed Directive adds a provision on unsolicited e-mails which calls for prior consent by the consumer (opt-in conditions) to receive direct marketing services.(Article 13)
· Subscribers would be given the right to determine if they are to be listed in a public directory and how that information will be used and processed through expressed consent. Subscribers must be informed of services such as reverse search functions in electronic public directories. (Article 12)
· It extends the condition of prior consent for further processing of traffic data (the process of ‘transmitting a communication’) to the Internet for value added services. (Article 6.3)
· The proposal outlines the conditions of anonymity and consent for processing of location data which indicates the geographic position of a user or their terminal equipment. (Article 9)
· It implies data storage requirements. (Article 15)
The proposed Directive seeks to curb all unsolicited e-mail in an effort to combat the problems associated with spam by imposing a blanket prohibition in all cases where the recipient has not affirmatively expressed a desire to receive these types of messages. A distinction must be made between unsolicited commercial e-mail and spam. Unsolicited commercial e-mail is used for targeted marketing and other commercial purposes by reputable businesses. Spam, on the other hand, is often sent by anonymous, fraudulent entities to general mailing lists without a specific target and with no prior interest in a related product or service. Some countries within Europe currently have more restrictive definitions of the term “unsolicited” than others. The proposed Directive does not address this problem. For example, there is some uncertainty regarding existing customers. We understand that one interpretation would apply “opt-out” rules for existing customers as to both current and new products and services, but “opt-in” rules as to all unsolicited communications with prospective or “new” customers. However, some countries consider communications without prior explicit consent to both new and existing customers as “unsolicited” commercial e-mails. The technical and practical difficulties of administering such a dual-track system would be extremely onerous, if not insurmountable for businesses. In addition, it is not at all clear that every Member State would adopt the same interpretation or choice between “opt-in” and “opt-out” for communications to existing versus new customers and about current versus new products and services.
Finally, in those situations in which an “opt-in” approach is required, how is consent to be obtained from someone (existing customer or not) without seeking it by way of an “unsolicited” communication? Business is presented with a circular and illogical conundrum in which you must obtain consent to ask for consent, but you cannot ask for consent without preexisting consent. The likely effect of such an “opt-in” requirement would be to prevent reputable companies from marketing goods and services with the use of e-mail. The Commission’s recommendation to require an opt-in approach conflicts with adopted Community policy, allowing opt-out solutions such as opt-out registries for consumer choice (e.g. the Distance Selling Directive (97/7/EC), the E-commerce Directive (00/31/EC) and the general telecommunications data protection Directive (95/46/EC)). This puts at risk legitimate uses of caller location data for value-added services, direct marketing and directory publishing. In this regard, we think it useful to recall that the reason Articles 7(f) and 14(b) of the Data Protection Directive are phrased as they are with respect to balancing individual and data controller interests and the right to object to processing for direct marketing activities is precisely to avoid this logical impossibility posed by an opt-in requirement. We would strongly urge you to observe this precedent, which has proved entirely reasonable and workable.
ISPs and other merchants should be encouraged to make responsible use of the innovative marketing techniques made possible by the Internet. Consumers stand to benefit from the convenience and efficiency of receiving information about new offers from merchants via
e-mail. In addition, small and medium-sized enterprises use Internet marketing to reach large numbers of potential customers cheaply and effectively. Where employed appropriately, commercial e-mail can play a legitimate and significant role in the emergence of e-commerce.
We urge the Commission to consider the negative effects of imposing an opt-in requirement. An opt-in regime would be inherently more costly and cumbersome than an opt-out rule, because ISPs and merchants would be unable to offer customers information about new products. While consumers theoretically may opt-in to receive marketing offers, they cannot know what goods and services might be available in the future, so by definition consumers are not in a position to know whether an offer that does not yet exist will be of interest. Of course, some consumers strongly prefer to avoid all unsolicited marketing, but the needs of these consumers are fully met by opt-out alternatives. Some of the opt-out possibilities include encouraging the best practice of requiring unsolicited commercial e-mails to include an "opt-out" automatic reply button, or something similar. Moreover, the global e-mail preference service, similar to domestic mail and telephone preference services known in many countries, has proved effective and useful as a consumer-empowerment tool.
The requirement for prior and explicit consent for the use of caller location data will interfere with the offering of new mobile services designed to provide location-specific data such as restaurant listings or bus schedules. Many of these services could be ordered at a moment’s notice when the consumer has a need for a particular piece of information. By requiring unambiguous prior permission in order to use location tracking data, industry could be prevented from making many of these consumer friendly services available.
Similarly, an “opt-in” requirement for use of subscriber data by third parties is likely to prevent competitive directory publishers from obtaining listings published in telephone directories and making them available online. Competitive publishers often provide directories tailored to the unique needs of a specific geographic region or group of consumers, and the Working Document would impede the ability to offer these products. It is the view of the USCIB that directory publishers must continue to have access to a basic set of subscriber data, for which the subscriber can choose to opt-out of free of charge. Equally, prior consent for additional data for directory databases/listings and services must be transparent and data used only for intended purposes. The maintenance of this data by the directory publishers must be manageable, present no undue liability, and not be cost prohibitive for the provision of services.
At the moment, Article 15 of the Draft Directive allows Member States to restrict the obligation under Article 6 to erase or anonymize traffic data for reasons of national security, defense or criminal investigations. USCIB members fully support appropriate cooperation with law enforcement to enhance security, being mindful of business realities.
In the context of electronic communications, a distinction must be made between data retention and data preservation. Data retention requirements mandate that organizations – non-profits, governmental agencies, commercial enterprises and individuals keep and store certain types of data for a prescribed period of time. By contrast, data preservation refers to the storage or “freezing” of specifically identified data, pursuant to a specific government request and for a relatively brief period of time, during which the government can obtain judicial orders or interim relief requiring the disclosure of the data.
We believe that service providers should be required to preserve data in their possession only upon receipt of a subpoena (or written functional equivalent thereof) issued by a competent judicial or administrative authority that follows appropriate due process, is narrowly tailored to meet the needs of a specific investigation or prosecution, is limited in duration, and is conducted in an expedited way.
USCIB would be pleased to work with you in determining appropriate measures that could be implemented to help consumers without endangering fair business practices.
We appreciate your attention to our concerns and would welcome the opportunity to provide any additional information that you might find useful.
I am sending identical letters to many of your colleagues in the Parliament and to Commissioners Bolkestein and Liikanen.
Thomas M.T. Niles